Computer Laboratory

Technical reports

Secure sessions from weak secrets

Michael Roe, Bruce Christianson, David Wheeler

July 1998, 12 pages

Abstract

Sometimes two parties who share a weak secret k (such as a password) wish to share a strong secret s (such as a session key) without revealing information about k to a (possibly active) attacker. We assume that both parties can generate strong random numbers and forget secrets, and present three protocols for secure strong secret sharing, based on RSA, Diffie-Hellman and El-Gamal. As well as being simpler and quicker than their predecessors, our protocols also have slightly stronger security properties: in particular, they make no cryptographic use of s and so impose no subtle restrictions upon the use which is made of s by other protocols.

Full text

PDF (1.0 MB)

BibTeX record

@TechReport{UCAM-CL-TR-445,
  author =	 {Roe, Michael and Christianson, Bruce and Wheeler, David},
  title = 	 {{Secure sessions from weak secrets}},
  year = 	 1998,
  month = 	 jul,
  url = 	 {http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-445.pdf},
  institution =  {University of Cambridge, Computer Laboratory},
  number = 	 {UCAM-CL-TR-445}
}